Newsroom

April 22, 2014

Verizon finds POS cyber attacks preventable

April 23, 2014 – A recently released data breach investigations report by Verizon showed that many of the cyber attacks last year on the payment systems used by retailers, hotels and restaurants could have been easily prevented.

The report also showed an increase in Web application attacks.

CUinfosecurity.com detailed the report, which analyzes more than 1,300 data breaches in 2013. The report says Web app attacks were the causes of 35 percent of those breaches, and point-of-sale intrusions were responsible for 14 percent. However, the site noted that most of the POS breaches could have been prevented if basic steps had been taken to enhance security.

The Wall Street Journal, which also reported on the study, repeats some "basic hygiene" advice from Verizon for major retailers to help protect payment systems, including:

  • resetting passwords from the factory defaults;
  • not using social media accounts on payment systems; and
  • keeping the payment system separate from corporate email and other functions.

NAFCU was the first financial trade association to call for a national data security standard for retailers last year after the Target Corporation data breach. The association is pressing for legislation that would require merchants to adopt data security standards similar to those required of financial institutions under the Gramm-Leach-Bliley Act.